Similarities between events that include a plurality of dimensions are computed, the similarities computed based on binary comparisons between the events and based on user-specified weights for the dimensions. Multidimensional scaling (MDS) values are calculated based on the computed similarities between the events. A graphical visualization is generated of a temporal plot of the events, the temporal plot comprising a first axis corresponding to time, and a second axis corresponding to the MDS values, and the temporal plot representing overlapping time slices each containing pixels representing a respective subset of the events.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A method comprising: computing, by a system including a processor, similarities between events occurring within a network environment and that comprise a plurality of dimensions, the similarities computed based on binary comparisons between the events and based on user-specified weights for the dimensions; calculating, by the system, multidimensional scaling (MDS) values based on the computed similarities between the events; generating, by the system, a graphical visualization of a temporal plot of the events, the temporal plot comprising a first axis corresponding to time, and a second axis corresponding to the MDS values, and the temporal plot representing overlapping time slices each containing pixels representing a respective subset of the events; for each of the overlapping time slices, computing a diversity of each dimension of the plurality of dimensions, wherein a higher value of the diversity for a given dimension of the plurality of dimensions indicates that values of the given dimension are more spread apart; and identifying, by the system, security issues within the network environment from the graphical visualization.
2. The method of claim 1 , wherein MDS values comprise one-dimensional MDS values.
3. The method of claim 1 , further comprising: providing, in the graphical visualization, a respective graphical element representing the diversity of each dimension of the plurality of dimensions in a given time slice of the overlapping time slices.
4. The method of claim 3 , further comprising: assigning different visual indicators to the respective graphical element to represent different diversity values.
5. The method of claim 4 , wherein assigning the different visual indicators to the respective graphical element comprises assigning different colors of different brightness.
6. The method of claim 1 , further comprising: presenting a graphical user interface listing the plurality of dimensions, the graphical user interface including control elements that are user-actuatable to specify the respective weights for the plurality of dimensions; and setting the respective weights for the plurality of dimensions in response to user actuation of the control elements.
7. The method of claim 1 , wherein computing the similarities comprises computing weighted distances between the events based on the binary comparisons between individual dimensions of the events.
8. The method of claim 7 , further comprising generating a distance matrix having rows corresponding to the events and columns corresponding to the events, wherein a cell of the distance matrix includes a value representing the weighted distance between a pair of the events.
9. The method of claim 1 , further comprising: defining the overlapping time slices, wherein a first time slice of the overlapping time slices shares at least one event with a second time slice of the overlapping time slices.
10. The method of claim 1 , further comprising: iterating among performing defining the overlapping time slices, assigning the user-specified weights, and generating the graphical visualization.
11. A system comprising: a processor to: compute, by a system including a processor, similarities between events occurring within a network environment and that comprise a plurality of dimensions, the similarities computed based on binary comparisons between the events and based on user-specified weights for the dimensions; calculate, by the system, multidimensional scaling (MDS) values based on the computed similarities between the events; generate, by the system, a graphical visualization of a temporal plot of the events, the temporal plot comprising a first axis corresponding to time, and a second axis corresponding to the MDS values, and the temporal plot representing overlapping time slices each containing pixels representing a respective subset of the events; for each of the overlapping time slices, compute a diversity of each dimension of the plurality of dimensions, wherein a higher value of the diversity for a given dimension of the plurality of dimensions indicates that values of the given dimension are more spread apart; and identifying, by the system, security issues within the network environment from the graphical visualization.
12. The system of claim 11 , the processor further to: provide, in the graphical visualization, a respective graphical element representing the diversity of each dimension of the plurality of dimensions in a given time slice of the overlapping time slices.
13. The system of claim 11 , the processor further to: present a graphical user interface listing the plurality of dimensions, the graphical user interface including control elements that are user-actuatable to specify the respective weights for the plurality of dimensions; and set the respective weights for the plurality of dimensions in response to user actuation of the control elements.
14. A non-transitory machine-readable storage medium comprising instructions for: computing, by a system including a processor, similarities between events occurring within a network environment and that comprise a plurality of dimensions, the similarities computed based on binary comparisons between the events and based on user-specified weights for the dimensions; calculating, by the system, multidimensional scaling (MDS) values based on the computed similarities between the events; generating, by the system, a graphical visualization of a temporal plot of the events, the temporal plot comprising a first axis corresponding to time, and a second axis corresponding to the MDS values, and the temporal plot representing overlapping time slices each containing pixels representing a respective subset of the events; for each of the overlapping time slices, computing a diversity of each dimension of the plurality of dimensions, wherein a higher value of the diversity for a given dimension of the plurality of dimensions indicates that values of the given dimension are more spread apart; and identifying, by the system, security issues within the network environment from the graphical visualization.
15. The non-transitory machine-readable storage medium of claim 14 , wherein computing the similarities comprises computing weighted distances between the events based on the binary comparisons between individual dimensions of the events.
16. The non-transitory machine-readable storage medium of claim 15 , further comprising instructions for: generating a distance matrix having rows corresponding to the events and columns corresponding to the events, wherein a cell of the distance matrix includes a value representing the weighted distance between a pair of the events.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
March 17, 2015
June 30, 2020
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.